CapstoneProjectCMC
diff --git a/‎.github/dependabot.yml‎
Lines changed: 25 additions & 23 deletions b/‎.github/dependabot.yml‎
Lines changed: 25 additions & 23 deletions
diff --git a/‎.github/workflows/ci-sonar.yml‎
Lines changed: 26 additions & 4 deletions b/‎.github/workflows/ci-sonar.yml‎
Lines changed: 26 additions & 4 deletions
diff --git a/‎.github/workflows/coding-service-publish.yml‎
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/coding-service-publish.yml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/dependabot-auto-merge.yml‎
Lines changed: 39 additions & 0 deletions b/‎.github/workflows/dependabot-auto-merge.yml‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎.github/workflows/deploy.yml‎
Lines changed: 6 additions & 6 deletions b/‎.github/workflows/deploy.yml‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎.github/workflows/docker-publish.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/docker-publish.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/file-service-publish.yml‎
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/file-service-publish.yml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.idea/compiler.xml‎
Lines changed: 4 additions & 4 deletions b/‎.idea/compiler.xml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.vs/backend/FileContentIndex/4a76a1dd-5482-471a-9378-46b89c11dd52.vsidx‎
10.1 KB b/‎.vs/backend/FileContentIndex/4a76a1dd-5482-471a-9378-46b89c11dd52.vsidx‎
10.1 KB
diff --git a/‎.vs/backend/FileContentIndex/b3582c71-e689-4300-a0e2-16d2db0ab231.vsidx‎
1.7 MB b/‎.vs/backend/FileContentIndex/b3582c71-e689-4300-a0e2-16d2db0ab231.vsidx‎
1.7 MB
@@ -1,4 +1,22 @@
 version: 2
+registries:
+  ghcr:
+    type: docker-registry
+    url: ghcr.io
+    username: ${{secrets.GHCR_USERNAME}}
+    password: ${{secrets.GHCR_TOKEN}}
+
+  dockerhub:
+    type: docker-registry
+    url: registry-1.docker.io
+    username: ${{secrets.DOCKERHUB_USER}}
+    password: ${{secrets.DOCKERHUB_TOKEN}}
+
+  github-maven:
+    type: maven-repository
+    url: https://maven.pkg.github.com/${{github.repository_owner}}/*
+    username: ${{secrets.GHCR_USERNAME}}
+    password: ${{secrets.GHCR_TOKEN}}
 updates:
   # Dependabot maven có thể chạy ở root của multi-module project
   - package-ecosystem: "maven"
@@ -12,25 +30,16 @@ updates:
     labels: [ "dependencies", "maven", "backend" ]
     groups:
       spring-bom:
-        patterns:
-          - "org.springframework.boot:*"
-          - "org.springframework.cloud:*"
+        patterns: [ "org.springframework.boot:*", "org.springframework.cloud:*" ]
         update-types: [ "minor", "patch" ]
       grpc-protobuf:
-        patterns:
-          - "io.grpc:*"
-          - "com.google.protobuf:*"
+        patterns: [ "io.grpc:*", "com.google.protobuf:*" ]
         update-types: [ "minor", "patch" ]
       mapping-and-utils:
-        patterns:
-          - "org.projectlombok:*"
-          - "org.mapstruct:*"
+        patterns: [ "org.projectlombok:*", "org.mapstruct:*" ]
         update-types: [ "minor", "patch" ]
       test-stack:
-        patterns:
-          - "org.jacoco:*"
-          - "org.sonarsource.scanner.maven:sonar-maven-plugin"
-          - "org.apache.maven.plugins:*"
+        patterns: [ "org.jacoco:*", "org.sonarsource.scanner.maven:sonar-maven-plugin", "org.apache.maven.plugins:*" ]
         update-types: [ "minor", "patch" ]
 
   # ========= FileService (.NET / NuGet) =========
@@ -57,19 +66,11 @@ updates:
     labels: [ "dependencies", "docker" ]
     open-pull-requests-limit: 10
     groups:
-      nginx-node-base:
-        patterns:
-          - "nginx"
-          - "node"
-        update-types: [ "minor", "patch" ]
       dotnet-base:
-        patterns:
-          - "mcr.microsoft.com/dotnet/*"
+        patterns: [ "mcr.microsoft.com/dotnet/*" ]
         update-types: [ "minor", "patch" ]
       jre-maven:
-        patterns:
-          - "eclipse-temurin:*"
-          - "maven:*"
+        patterns: [ "eclipse-temurin:*", "maven:*" ]
         update-types: [ "minor", "patch" ]
 
   # ========= Dockerfiles ở root =========
@@ -87,6 +88,7 @@ updates:
   # ========= GitHub Actions =========
   - package-ecosystem: "github-actions"
     directory: "/"
+    registries: [ "ghcr", "dockerhub" ]
     schedule:
       interval: "weekly"
       day: "monday"
 
@@ -15,16 +15,19 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0  # Sonar cần có full history để tính "blame"
 
       - name: Set up JDK 21
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
-          distribution: 'temurin'
+          distribution: temurin
           java-version: '21'
-          cache: 'maven'
+          cache: maven
+          server-id: github
+          settings-path: ${{ github.workspace }}
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build & Test
         run: mvn -B -DskipTests=false -Dmaven.test.failure.ignore=true verify
@@ -39,6 +42,25 @@ jobs:
             **/target/failsafe-reports/**
           if-no-files-found: ignore
 
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+          cache: maven
+          server-id: 'github'
+          server-username: 'GITHUB_ACTOR'
+          server-password: '${{ secrets.GITHUB_TOKEN }}'
+          settings-path: ${{ github.workspace }}
+
+      - name: Publish to GitHub Packages
+        if: startsWith(github.ref, 'refs/tags/v')
+        run: |
+          # actions/setup-java (bên trên) đã tạo sẵn serverId=github dùng GITHUB_TOKEN
+          mvn -B -DskipTests=true \
+            -DaltDeploymentRepository=github::default::https://maven.pkg.github.com/${{ github.repository }} \
+            deploy
+
       - name: SonarQube / SonarCloud Scan
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }}
 
@@ -26,7 +26,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up QEMU (multi-arch)
         uses: docker/setup-qemu-action@v3
@@ -54,6 +54,7 @@ jobs:
           DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
           IMAGE_TAG: ${{ env.IMAGE_TAG }}
           DOCKER_PLATFORMS: linux/amd64
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           chmod +x ./build-image-coding-github.sh
           ./build-image-coding-github.sh coding-service
@@ -0,0 +1,39 @@
+name: Dependabot Auto-merge (minor & patch)
+
+on:
+  pull_request_target:
+    types: [ opened, synchronize, reopened, labeled ]
+
+permissions:
+  contents: write
+  pull-requests: write
+  checks: read
+
+jobs:
+  auto-merge:
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch metadata
+        id: meta
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Approve PR (minor/patch)
+        if: |
+          steps.meta.outputs.update-type == 'version-update:semver-minor' ||
+          steps.meta.outputs.update-type == 'version-update:semver-patch'
+        uses: peter-evans/approve-pull-request@v6
+        with:
+          pull-request-number: ${{ github.event.pull_request.number }}
+          review-message: "Auto-approved by workflow for minor/patch updates."
+
+      - name: Enable auto-merge (squash)
+        if: |
+          steps.meta.outputs.update-type == 'version-update:semver-minor' ||
+          steps.meta.outputs.update-type == 'version-update:semver-patch'
+        uses: peter-evans/enable-pull-request-automerge@v3
+        with:
+          pull-request-number: ${{ github.event.pull_request.number }}
+          merge-method: squash
@@ -42,7 +42,7 @@ jobs:
           echo "run.head_sha:      ${{ github.event.workflow_run.head_sha }}"
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Derive IMAGE_TAG (from workflow_run or manual)
         shell: bash
@@ -168,7 +168,7 @@ jobs:
           fi
 
       - name: Ensure remote dir exists
-        uses: appleboy/ssh-action@v1.0.3
+        uses: appleboy/ssh-action@v1.2.2
         env:
           DEPLOY_DIR: ${{ steps.targetdir.outputs.DEPLOY_DIR_FINAL }}
         with:
@@ -195,7 +195,7 @@ jobs:
           test -d deploy_bundle/init/mongo
 
       - name: Pre-clean monitoring paths on server
-        uses: appleboy/ssh-action@v1.0.3
+        uses: appleboy/ssh-action@v1.2.2
         with:
           host: ${{ secrets.SSH_HOST }}
           username: ${{ secrets.SSH_USER }}
@@ -216,7 +216,7 @@ jobs:
             done
 
       - name: Upload bundle to server
-        uses: appleboy/scp-action@v0.1.7
+        uses: appleboy/scp-action@v1.0.0
         with:
           host: ${{ secrets.SSH_HOST }}
           username: ${{ secrets.SSH_USER }}
@@ -228,7 +228,7 @@ jobs:
           strip_components: 1
 
       - name: Verify files exist on server (debug)
-        uses: appleboy/ssh-action@v1.0.3
+        uses: appleboy/ssh-action@v1.2.2
         with:
           host: ${{ secrets.SSH_HOST }}
           username: ${{ secrets.SSH_USER }}
@@ -238,7 +238,7 @@ jobs:
             ls -la '${{ steps.targetdir.outputs.DEPLOY_DIR_FINAL }}'
 
       - name: Verify .env identical & run deploy
-        uses: appleboy/ssh-action@v1.0.3
+        uses: appleboy/ssh-action@v1.2.2
         env:
           IMAGE_TAG: ${{ env.IMAGE_TAG }}
           ENV_SHA: ${{ env.ENV_SHA }}
 
@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up QEMU (multi-arch)
         uses: docker/setup-qemu-action@v3
 
@@ -26,7 +26,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up QEMU (multi-arch)
         uses: docker/setup-qemu-action@v3
@@ -54,6 +54,7 @@ jobs:
           DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
           IMAGE_TAG: ${{ env.IMAGE_TAG }}
           DOCKER_PLATFORMS: linux/amd64
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           chmod +x ./build-image-file.sh
           ./build-image-file.sh